Steam phishing targets video game players

Graham Cluley
Graham Cluley
@[email protected]

SteamSteam, the world’s largest online gaming platform, is increasingly being targeted by phishers trying to steal credentials from its 30 million users.

If you’re not familiar with Steam, just imagine something like iTunes – but for PC and Mac video games.

If you’re interested in digitally downloading video games for your computer, Steam is likely to be your destination.

Steam's website

Sign up to our free newsletter.
Security news, advice, and tips.

Phishing attacks against Steam users are nothing new – they’ve been around for a couple of years – but as more and more users jump onto the Steam bandwagon (train?) phishers have greater chances of success.

Here’s one example of a Steam phishing email, intercepted by SophosLabs, which was sent to an email address that has never registered for a Steam account:

Steam phishing email

Subject: Warning! Your steam account will be suspended?

Although it looks like the link will take you to the real Steam website, the HTML actually directs you to a phishing site. Our spam researchers had a wry smile when they spotted that the email was sent on 15 February and yet it claims that Steam accounts will be closed if they don’t hear back from the users by 11 February.

Just as we’ve seen a black market for stolen iTunes accounts, so Steam accounts have a monetary value too.

So, don’t be too trigger-happy and always think before you click on that link. And if you use the same password on Steam as you do on other websites you could be handing cybercriminals over more than just the keys to your games cupboard.

Valve, the company behind Steam, has published advice on how to secure your Steam account which users would be wise to read.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.